Configuring a Site-to-Site IPSec Tunnel to Alibaba Cloud

To establish a Site-to-Site IPSec VPN connection between Alibaba Cloud and Perimeter 81, follow the steps below:

1. Setting Tunnel on Alibaba Cloud

Log on to the VPC console

In the left-side navigation pane, choose VPN > IPsec Connections

Select a region

On the IPsec Connections page, click Create IPsec Connection

On the Create IPsec Connection page, configure the IPsec-VPN connection according to the following information and click OK

Name - Enter the name of the IPsec-VPN connection

VPN Gateway - Select the VPN Gateway to connect. If none exists, create a new one

Customer Gateway - Select the customer gateway to connect. If none exists, create a new one for the P81 gateway public IP

Local Network - Enter the CIDR block of the VPC to be connected with the on-premises data center. This parameter is used for phase two negotiation

Remote Network - Enter the CIDR block of the on-premises data center to be connected with the VPC. This parameter is used for phase two negotiation. If you didn't select a specific subnet, the P81 default is 10.255.0.0/16

Effective Immediately - Choose Yes

Advanced Configuration: IKE Configurations

Pre-Shared Key - Enter the pre-shared key used for authentication between the VPN Gateway and the customer gateway. By default, it is an automatically generated value, but you can also specify a pre-shared key. The same key must also be used on the P81 side

Version - IKEv1

Negotiation Mode - Main mode

Encryption Algorithm - aes256

Authentication Algorithm - sha1

DH Group - group2

SA Life Cycle (seconds) - Set the SA lifecycle for phase one negotiation. The default value is 86,400 seconds

LocalId - Local VPN Gateway public IP address

RemoteId - P81 gateway public IP address

Advanced Configuration: IPSec Configurations

Encryption Algorithm - aes256

Authentication Algorithm - sha1

DH Group - group2

SA Life Cycle (seconds) - Set the SA lifecycle for phase two negotiation. Default value: 86,400s

Health Check - Optional

2. Setting Access rules in Alibaba Security Groups

Go to the security group that is associated with your server

Add an Allow rule with 10.255.0.0/16 as the object for the desired ports

3. Setting Routes in Alibaba Cloud

Go to your VPN

Click on "Route Tables"

Add the following route under System route table or on your custom route table: 10.255.0.0/16 - Next hop should be the VPN Gateway you created for P81
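
A pre-flight check for the values entered in steps 1 to 3, added here as an example and not part of the original guide or of any Perimeter 81 or Alibaba tooling. The plan dictionaries, their key names, and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Proposal values the guide sets on the Alibaba side; the Perimeter 81 side must match.
GUIDE = {
    "ike": {"version": "ikev1", "mode": "main", "enc": "aes256",
            "auth": "sha1", "dh": "group2", "lifetime": 86400},
    "ipsec": {"enc": "aes256", "auth": "sha1", "dh": "group2", "lifetime": 86400},
}

def preflight(plan):
    """Return a list of problems in a planned configuration (empty list = consistent)."""
    problems = []
    for phase, wanted in GUIDE.items():
        for key, want in wanted.items():
            got = plan[phase].get(key)
            if got != want:
                problems.append(f"{phase}.{key}: {got!r} differs from guide value {want!r}")
    local = ipaddress.ip_network(plan["local_network"])
    remote = ipaddress.ip_network(plan["remote_network"])
    if local.overlaps(remote):
        problems.append(f"local network {local} overlaps remote network {remote}")
    # Step 3: a route whose next hop is the VPN gateway must cover the remote network.
    if not any(remote.subnet_of(ipaddress.ip_network(r)) for r in plan["vpn_routes"]):
        problems.append(f"no route to {remote} via the VPN gateway")
    # Step 2: a tunnel rule must admit the remote network, and none should be wider than it.
    sources = [ipaddress.ip_network(s) for s in plan["sg_sources"]]
    if not any(remote.subnet_of(s) for s in sources):
        problems.append(f"no security group rule allows {remote}")
    for s in sources:
        if remote.subnet_of(s) and s != remote:
            problems.append(f"security group source {s} is wider than {remote}")
    return problems

# Constructed sample plans (hypothetical addresses, not taken from the guide).
GOOD_PLAN = {
    "ike": dict(GUIDE["ike"]), "ipsec": dict(GUIDE["ipsec"]),
    "local_network": "172.16.0.0/16", "remote_network": "10.255.0.0/16",
    "vpn_routes": ["10.255.0.0/16"], "sg_sources": ["10.255.0.0/16"],
}
BAD_PLAN = {
    "ike": {**GUIDE["ike"], "dh": "group14"}, "ipsec": dict(GUIDE["ipsec"]),
    "local_network": "10.0.0.0/8", "remote_network": "10.255.0.0/16",
    "vpn_routes": [], "sg_sources": ["10.0.0.0/8"],
}

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, preflight(plan) or "consistent")
```

In this sketch `sg_sources` lists only the sources of rules added for tunnel traffic, so a wider source is reported as broader access than the tunnel needs.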

4. Perimeter81 Setting

Go to the Gateway in your network from which you want to create the tunnel to Alibaba Cloud